# Raise SkipTest when service?(:webapp) is false, so none of the tests below
# are defined or run (presumably this means the node does not run the webapp
# service; service? is defined elsewhere -- confirm).
raise SkipTest unless service?(:webapp)
require 'json'
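#
# Tests for a node running the webapp service: CouchDB reachability (directly
# and via haproxy), required daemons, the public web front end, and a
# create / SRP-authenticate / delete round trip against the user API.
#
class Webapp < LeapTest
  depends_on "Network"

  def setup
  end

  # GET the CouchDB root using the webapp's CouchDB credentials and expect the
  # welcome banner in the body.
  def test_01_Can_contact_couchdb?
    url = couchdb_url("", url_options)
    assert_get(url) do |body|
      # NOTE(review): url is built from url_options (username and password). If
      # couchdb_url embeds them in the URL, this failure message writes the
      # password into the test output -- confirm against couchdb_url.
      assert_match(/"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message.")
    end
    pass
  end

  # Same check as test_01, but through haproxy. Does nothing (neither pass nor
  # skip) when the 'haproxy.couch' property is not set.
  def test_02_Can_contact_couchdb_via_haproxy?
    if property('haproxy.couch')
      url = couchdb_url_via_haproxy("", url_options)
      assert_get(url) do |body|
        # NOTE(review): same credential-in-message concern as test_01 -- confirm.
        assert_match(/"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message.")
      end
      pass
    end
  end

  # The webapp node needs both apache2 and nickserver running.
  def test_03_Are_daemons_running?
    assert_running '/usr/sbin/apache2'
    assert_running '/usr/bin/nickserver'
    pass
  end

  #
  # this is technically a black-box test. so, move this when we have support
  # for black box tests.
  #
  def test_04_Can_access_webapp?
    assert_get('https://' + $node['webapp']['domain'] + '/')
    pass
  end

  # Create a fresh SRP user through the API, run the SRP login handshake to
  # obtain a session token, then delete the user with that token.
  def test_05_Can_create_and_authenticate_and_delete_user_via_API?
    @user = SRP::User.new
    @session_token = nil
    @user_id = nil

    # create user
    url = api_url("/1/users.json")
    assert_post(url, @user.to_params) do |body|
      assert(json = JSON.parse(body), 'response should be JSON')
      assert(json['ok'], 'creating a user should be successful')
    end

    # authenticate
    url = api_url("/1/sessions.json")
    session = SRP::Session.new(@user)
    params = {'login' => @user.username, 'A' => session.aa}
    assert_post(url, params) do |response, body|
      # Fail with a readable assertion instead of a NoMethodError on nil when
      # the server does not set a session cookie.
      set_cookie = response['Set-Cookie']
      assert(set_cookie, 'response should include a Set-Cookie header')
      cookie = set_cookie.split(';').first

      assert(json = JSON.parse(body), 'response should be JSON')
      assert(bb = json["B"])
      session.bb = bb

      # Second leg of the handshake: send the client proof with the cookie
      # from the first response.
      login_url = api_url("/1/sessions/login.json")
      login_params = {'client_auth' => session.m, 'A' => session.aa}
      login_options = {:headers => {'Cookie' => cookie}}
      assert_put(login_url, login_params, login_options) do |login_body|
        assert(login_json = JSON.parse(login_body), 'response should be JSON')
        assert(login_json['M2'], 'response should include M2')
        assert(@session_token = login_json['token'], 'response should include token')
        assert(@user_id = login_json['id'], 'response should include user id')
      end
    end

    # delete
    url = api_url("/1/users/#{@user_id}.json")
    options = {:headers => {
      "Authorization" => "Token token=\"#{@session_token}\""
    }}
    # The block keeps three parameters so its arity is unchanged for delete().
    delete(url, {}, options) do |body, response, _error|
      if response.code.to_i != 200
        # NOTE(review): every non-200 status lands here, so an authorization
        # failure or a server error on delete is reported as a skip rather
        # than a failure, and the user created above is presumably left on
        # the server. Consider narrowing this to the status an old API
        # actually returns.
        skip "It appears the web api is too old to support deleting users"
      else
        assert(json = JSON.parse(body), 'response should be JSON')
        assert(json["success"], 'delete should be a success')
        pass
      end
    end
  end

  private

  # Credentials of the webapp's CouchDB user, in the form the couchdb_url
  # helpers take as options.
  def url_options
    {
      :username => property('couchdb_webapp_user.username'),
      :password => property('couchdb_webapp_user.password')
    }
  end

  # Build an https URL on the API domain and port for the given path.
  #
  # The path is appended after formatting, so a '%' in it (for example in a
  # server-supplied user id) is not interpreted as a format directive.
  def api_url(path)
    base = "https://%{domain}:%{port}" % {
      :domain => property('api.domain'),
      :port => property('api.port')
    }
    "#{base}#{path}"
  end

  #
  # I tried, but couldn't get this working:
  # #
  # # get an CSRF authenticity token
  # #
  # url = api_url("/")
  # csrf_token = nil
  # assert_get(url) do |body|
  #   lines = body.split("\n").grep(/csrf-token/)
  #   assert lines.any?, 'failed to find csrf-token'
  #   csrf_token = lines.first.split('"')[1]
  #   assert csrf_token, 'failed to find csrf-token'
  # end
end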